A perfect example of HTML 4.01 forms.

HTML 4.01 is widely used and forms are everywhere. This isn’t HTML5, which makes things easy. Forms have long been part of the HTML specification, and after years of use they dominate day-to-day web-page creation, giving users the flexibility to submit their requests over HTTP. Here is a perfect example for demonstration:

That was beautiful HTML 4.01 code, and it is the least that is required for web development. Web development aside, I posted it here because familiarity with web-page coding is a minimal requirement for any serious web application penetration tester. Remember, this blog is about web application penetration testing, not web development. The minimal web-dev requirements are covered in this blog (look at its various sections). Apart from everything else, I kept the code clean by laying it out with tables, which use three elements:

1.) Table Tag
2.) Table Row
3.) Table Data

Table columns are not needed at this point because nothing in this layout requires columns to collect information from the user. However, if one insists on the web-dev approach for some reason, they could be added. The point is to show how HTML 4.01 forms work and how they are used. The ‘#’ in the action attribute denotes that nothing actually processes the submission at the moment; a back-end language such as PHP, ASP, etc. would do that. That apart, the form uses ‘POST’ as the HTTP method (or verb) for carrying the information to the URL given in the ‘action’ attribute. Below is how the browser renders the code:

HTML 4.01 Form

This is something neat. The form demonstrates:

1.) Radio Buttons
2.) Check Buttons
3.) POST submission
4.) Table Rows
5.) Reset Feature

The code should be useful for those who want to learn the basics of HTML 4.01 web-page development before taking up web application pentesting seriously. This not only assists in enumeration and in knowing what the application does, but also cuts down on false positives, because we are now more precise about the application and its usage.
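
To make the enumeration point concrete, here is an added example (not the form code from the original post) that inventories a form like the one described and lists what it would submit if sent exactly as rendered. The sample markup, the field names and the helper names `inventory` and `default_submission` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample (not the post's form): table layout, radios, checkboxes, reset, POST, '#'.
SAMPLE = """<form action="#" method="post"><table>
<tr><td>Name</td><td><input type="text" name="name"></td></tr>
<tr><td><input type="radio" name="gender" value="m" checked>
        <input type="radio" name="gender" value="f"></td></tr>
<tr><td><input type="checkbox" name="skill" value="html">
        <input type="checkbox" name="skill" value="php" checked></td></tr>
<tr><td><input type="submit" value="Send"><input type="reset"></td></tr>
</table></form>"""
TOGGLES = ("radio", "checkbox")

class FormInventory(HTMLParser):
    """Collects each form's action, method and input controls."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # HTML 4.01 falls back to GET when no method attribute is given.
            self.forms.append({"action": a.get("action", ""),
                               "method": (a.get("method") or "get").upper(),
                               "controls": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["controls"].append({
                "type": (a.get("type") or "text").lower(),  # default type is text
                "name": a.get("name"), "value": a.get("value"),
                "checked": "checked" in a})

def inventory(html):
    parser = FormInventory()
    parser.feed(html)
    return parser.forms

def default_submission(form):
    """Name/value pairs sent if the form is submitted exactly as rendered."""
    pairs = []
    for c in form["controls"]:
        # Reset never submits; controls without a name are never sent.
        if not c["name"] or c["type"] in ("submit", "reset", "button"):
            continue
        if c["type"] in TOGGLES and not c["checked"]:
            continue  # unchecked radios and checkboxes are left out
        fallback = "on" if c["type"] in TOGGLES else ""
        pairs.append((c["name"], c["value"] if c["value"] is not None else fallback))
    return pairs
```

Comparing this expected parameter list with what the browser actually sends is a quick way to confirm you have understood the form before testing it. A named submit button would also be sent when clicked; the sketch leaves it out.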